Re: [EXIM] Sender verification and DNS lookups

Author: Chris Thompson
Date:  
To: Tim Cutts
CC: exim-users
Subject: Re: [EXIM] Sender verification and DNS lookups
Tim Cutts writes:
>
> I have received a number of complaints about people not being able to send
> mail to my system; in particular from mail.zoo.co.uk.


I presume you mean they are sending mail with an envelope sender of
foobar@???. It would have been better if you had included
an entry from your rejectlog.

> I tried doing a DNS lookup on this site, and got something odd:
>
> 16:40 mole:~> nslookup mail.zoo.co.uk
> Server: mole.bio.cam.ac.uk
> Address: 131.111.36.9
>
> Non-authoritative answer:
> Name:    mail.zoo.co.uk
> Address:  194.216.59.4

>
> produced almost instantly. However:
>
> 16:43 mole:~> nslookup -querytype=mx mail.zoo.co.uk
> Server: mole.bio.cam.ac.uk
> Address: 131.111.36.9
>
> *** mole.bio.cam.ac.uk can't find mail.zoo.co.uk: Server failed
>
> which took a long time to appear (some sort of time out, I suppose). I'm
> not much of a DNS expert,


"dig" is a more accurate tool than "nslookup" for this sort of thing,
although it is designed to scare off people who think they aren't
DNS experts... :-)

The situation appears currently to be:

The authoritative nameservers for zoo.co.uk are ns0.zoo.net.uk and
ns1.zoo.net.co.uk (with adjacent IP addresses: this is the sort of
batty "redundancy" used far too much these days)

ns0.zoo.net.uk responds properly to requests for A records for
mail.zoo.co.uk.

ns0.zoo.net.uk responds with SERVFAIL for requests for MX records
for mail.zoo.co.uk, or indeed for MX records for anything at all
in the zoo.co.uk domain (apparently).

ns1.zoo.net.uk does not respond to DNS queries at all.

Also, whatever nameserver ns0.zoo.net.uk is running, it isn't a recent version
of BIND. (But then, neither is mole.bio.cam.ac.uk's!)

>                           so:

>
> a) Could this be responsible for the error message that exim is
> generating and if so,


Yes. Exim's lookuphost router will look for an MX record before an A record.
If the MX record query gives a failure (not an NXDOMAIN or NOERROR+nodata)
then it treats it as "temporary", and won't go on to check for A records.
If it was routing for the purposes of delivery, this has to be right, of course.

> b) Whose fault is it likely to be?


Oh, it's their fault. No doubt about that. Get them to sort out their
nameserver.

There can be a problem for you, though, if they are retrying too fast
after the "temporary" rejection.

Chris Thompson               Cambridge University Computing Service,
Email: cet1@???    New Museums Site, Cambridge CB2 3QG,
Phone: +44 1223 334715       United Kingdom.


--
*** Exim information can be found at http://www.exim.org/ ***
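
The MX-before-A lookup order described in the reply above, as an added sketch that is not part of the original post and is not Exim's code. The function names, the result labels ("defer", "route-mx", "route-a", "fail") and the treatment of a missing reply as a failure are assumptions made for illustration; the DNS response headers are constructed sample data.

```python
import struct

# RCODE values carried in the low 4 bits of the DNS header flags (RFC 1035).
NOERROR, SERVFAIL, NXDOMAIN = 0, 2, 3


def build_response(rcode, ancount, qid=0x1234):
    """Construct a 12-byte DNS response header (constructed sample data)."""
    flags = 0x8000 | 0x0080 | rcode  # QR=1 (response), RA=1, RCODE
    return struct.pack("!HHHHHH", qid, flags, 1, ancount, 0, 0)


def classify(packet):
    """Map a raw response to 'data', 'nodata', 'nxdomain' or 'failure'."""
    if packet is None or len(packet) < 12:
        return "failure"  # assumption: no reply or a short reply counts as failure
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", packet[:12])
    if not flags & 0x8000:
        return "failure"  # QR bit clear: this is a query, not a response
    rcode = flags & 0x000F
    if rcode == NOERROR:
        # Simplification: any answer record counts as data for the queried type.
        return "data" if ancount else "nodata"
    if rcode == NXDOMAIN:
        return "nxdomain"
    return "failure"  # SERVFAIL, REFUSED, ...


def route_decision(mx_packet, a_packet):
    """Model of the lookup order: MX first, A only after a clean MX negative."""
    mx = classify(mx_packet)
    if mx == "failure":
        return "defer"  # temporary error; the A answer is never consulted
    if mx == "data":
        return "route-mx"
    a = classify(a_packet)  # MX gave NXDOMAIN or NOERROR+nodata
    if a == "failure":
        return "defer"
    return "route-a" if a == "data" else "fail"


if __name__ == "__main__":
    # The case in this thread: MX query gets SERVFAIL, A query succeeds.
    print(route_decision(build_response(SERVFAIL, 0), build_response(NOERROR, 1)))
    # A host with no MX record but a working nameserver.
    print(route_decision(build_response(NOERROR, 0), build_response(NOERROR, 1)))
```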